CentOS 5 / 6 : postgresql / postgresql84 (CESA-2014:0211)

Description

Updated postgresql84 and postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PostgreSQL is an advanced object-relational database management system (DBMS).

Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064)

Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065)

It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the 'ADMIN' option allowed the grantee to remove other users from their granted role. An authenticated database user could use this flaw to remove a user from a SQL role which they were granted access to. (CVE-2014-0060)

A flaw was found in the validator functions provided by PostgreSQL's procedural languages (PLs). An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0061)

A race condition was found in the way the CREATE INDEX command performed multiple independent lookups of a table that had to be indexed. An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0062)

It was found that the chkpass extension of PostgreSQL did not check the return value of the crypt() function. An authenticated database user could possibly use this flaw to crash PostgreSQL via a NULL pointer dereference. (CVE-2014-0066)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Noah Misch as the original reporter of CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the original reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as the original reporters of CVE-2014-0065, Andres Freund as the original reporter of CVE-2014-0061, Robert Haas and Andres Freund as the original reporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the original reporters of CVE-2014-0066.

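These updated packages upgrade PostgreSQL to version 8.4.20, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
http://www.postgresql.org/docs/8.4/static/release-8-4-20.html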

All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:0211 and
# CentOS Errata and Security Advisory 2014:0211 respectively.
#
if (NASL_LEVEL < 3000) exit(0);
include("compat.inc");
if (description)
{
script_id(72694);
script_version("$Revision: 1.14 $");
script_cvs_date("$Date: 2016/04/28 18:05:38 $");
script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066");
script_bugtraq_id(65719, 65723, 65724, 65725, 65727, 65728, 65731);
script_osvdb_id(103544, 103545, 103546, 103547, 103548, 103549, 103551);
script_xref(name:"RHSA", value:"2014:0211");
script_name(english:"CentOS 5 / 6 : postgresql / postgresql84 (CESA-2014:0211)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated postgresql84 and postgresql packages that fix multiple
security issues are now available for Red Hat Enterprise Linux 5 and 6
respectively.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
PostgreSQL is an advanced object-relational database management system
(DBMS).
Multiple stack-based buffer overflow flaws were found in the date/time
implementation of PostgreSQL. An authenticated database user could
provide a specially crafted date/time value that, when processed,
could cause PostgreSQL to crash or, potentially, execute arbitrary
code with the permissions of the user running PostgreSQL.
(CVE-2014-0063)
Multiple integer overflow flaws, leading to heap-based buffer
overflows, were found in various type input functions in PostgreSQL.
An authenticated database user could possibly use these flaws to crash
PostgreSQL or, potentially, execute arbitrary code with the
permissions of the user running PostgreSQL. (CVE-2014-0064)
Multiple potential buffer overflow flaws were found in PostgreSQL. An
authenticated database user could possibly use these flaws to crash
PostgreSQL or, potentially, execute arbitrary code with the
permissions of the user running PostgreSQL. (CVE-2014-0065)
It was found that granting a SQL role to a database user in a
PostgreSQL database without specifying the 'ADMIN' option allowed the
grantee to remove other users from their granted role. An
authenticated database user could use this flaw to remove a user from
a SQL role which they were granted access to. (CVE-2014-0060)
A flaw was found in the validator functions provided by PostgreSQL's
procedural languages (PLs). An authenticated database user could
possibly use this flaw to escalate their privileges. (CVE-2014-0061)
A race condition was found in the way the CREATE INDEX command
performed multiple independent lookups of a table that had to be
indexed. An authenticated database user could possibly use this flaw
to escalate their privileges. (CVE-2014-0062)
It was found that the chkpass extension of PostgreSQL did not check
the return value of the crypt() function. An authenticated database
user could possibly use this flaw to crash PostgreSQL via a NULL
pointer dereference. (CVE-2014-0066)
Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Noah Misch as the original reporter of
CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as
the original reporters of CVE-2014-0064, Peter Eisentraut and Jozef
Mlich as the original reporters of CVE-2014-0065, Andres Freund as the
original reporter of CVE-2014-0061, Robert Haas and Andres Freund as
the original reporters of CVE-2014-0062, and Honza Horak and Bruce
Momjian as the original reporters of CVE-2014-0066.
These updated packages upgrade PostgreSQL to version 8.4.20, which
fixes these issues as well as several non-security issues. Refer to
the PostgreSQL Release Notes for a full list of changes :
http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the
postgresql service is running, it will be automatically restarted
after installing this update."
);
# http://lists.centos.org/pipermail/centos-announce/2014-February/020177.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?c13f1341"
);
# http://lists.centos.org/pipermail/centos-announce/2014-February/020178.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?fcd0021d"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected postgresql and / or postgresql84 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-contrib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-plperl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-plpython");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-pltcl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-contrib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-plperl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-plpython");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-pltcl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-tcl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-test");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
script_set_attribute(attribute:"patch_publication_date", value:"2014/02/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/CentOS/release")) audit(AUDIT_OS_NOT, "CentOS");
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-contrib-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-devel-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-docs-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-libs-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-plperl-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-plpython-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-pltcl-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-python-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-server-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-tcl-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-5", reference:"postgresql84-test-8.4.20-1.el5_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"postgresql-8.4.20-1.el6_5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"postgresql-contrib-8.4.20-1.el6_5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"postgresql-devel-8.4.20-1.el6_5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"postgresql-docs-8.4.20-1.el6_5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"postgresql-libs-8.4.20-1.el6_5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"postgresql-plperl-8.4.20-1.el6_5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"postgresql-plpython-8.4.20-1.el6_5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"postgresql-pltcl-8.4.20-1.el6_5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"postgresql-server-8.4.20-1.el6_5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"postgresql-test-8.4.20-1.el6_5")) flag++;
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
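
The package check above can be reproduced offline against a saved package list. The following is an added example, not Tenable's code: rpm.inc is not shown on this page, so it assumes a package is flagged when its installed version-release sorts below the reference under RPM's segment-wise version comparison, and it ignores epochs and the architecture test; the sample package lists are constructed.

```python
import re

# Package names and fixed version-release strings copied from the
# rpm_check() calls in the plugin on this page.
SUFFIXES_EL5 = ("", "-contrib", "-devel", "-docs", "-libs", "-plperl",
                "-plpython", "-pltcl", "-python", "-server", "-tcl", "-test")
SUFFIXES_EL6 = ("", "-contrib", "-devel", "-docs", "-libs", "-plperl",
                "-plpython", "-pltcl", "-server", "-test")
FIXED = {
    "CentOS-5": ("8.4.20-1.el5_10", {"postgresql84" + s for s in SUFFIXES_EL5}),
    "CentOS-6": ("8.4.20-1.el6_5", {"postgresql" + s for s in SUFFIXES_EL6}),
}

SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings the way RPM does.

    Strings are split into runs of digits and runs of letters; separators
    such as '.' and '_' only delimit segments. Returns -1, 0 or 1.
    """
    xs, ys = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(xs, ys):
        # A numeric segment is always newer than an alphabetic one.
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, leading zeros ignored
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(xs) > len(ys)) - (len(xs) < len(ys))


def evr_cmp(installed, reference):
    """Compare 'version-release' strings: version first, then release."""
    iv, _, ir = installed.rpartition("-")
    rv, _, rr = reference.rpartition("-")
    return rpmvercmp(iv, rv) or rpmvercmp(ir, rr)


def missing_updates(release, rpm_lines):
    """Return (name, installed, fixed) for each affected package below the fix.

    rpm_lines holds 'NAME VERSION-RELEASE' lines, e.g. the output of
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n'
    """
    fixed, names = FIXED[release]
    findings = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        name, evr = parts
        # Only the names listed for this release count: on CentOS 5 the
        # plain 'postgresql' packages are a different stream, not this erratum.
        if name in names and evr_cmp(evr, fixed) < 0:
            findings.append((name, evr, fixed))
    return findings


# Constructed sample package lists (not taken from any real host).
SAMPLE_EL5 = [
    "postgresql84-server 8.4.18-1.el5_10",   # below the fix: flagged
    "postgresql84-libs 8.4.20-1.el5_10",     # exactly the fix: not flagged
    "postgresql84 8.4.20-1.el5_10.1",        # later rebuild: not flagged
    "postgresql-libs 8.1.23-10.el5_10",      # not in the CentOS-5 list
    "bash 3.2-33.el5_11.4",
]
SAMPLE_EL6 = [
    "postgresql-server 8.4.13-1.el6_3",      # below the fix: flagged
    "postgresql-libs 8.4.20-1.el6_5",        # exactly the fix: not flagged
]

if __name__ == "__main__":
    for rel, sample in (("CentOS-5", SAMPLE_EL5), ("CentOS-6", SAMPLE_EL6)):
        for name, have, want in missing_updates(rel, sample):
            print(f"{rel}: {name} {have} should be {want} or later")
```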

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2017

{"result": {"cve": [{"id": "CVE-2014-0065", "type": "cve", "title": "CVE-2014-0065", "description": "Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.", "published": "2014-03-31T10:58:15", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065", "cvelist": ["CVE-2014-0065"], "lastseen": "2017-12-16T11:24:36"}, {"id": "CVE-2014-0064", "type": "cve", "title": "CVE-2014-0064", "description": "Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. 
NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.", "published": "2014-03-31T10:58:15", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064", "cvelist": ["CVE-2014-0064"], "lastseen": "2017-12-16T11:24:36"}, {"id": "CVE-2014-0063", "type": "cve", "title": "CVE-2014-0063", "description": "Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.", "published": "2014-03-31T10:58:15", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063", "cvelist": ["CVE-2014-0063"], "lastseen": "2017-12-16T11:24:36"}, {"id": "CVE-2014-0060", "type": "cve", "title": "CVE-2014-0060", "description": "PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.", "published": "2014-03-31T10:58:08", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060", "cvelist": ["CVE-2014-0060"], "lastseen": "2017-12-16T11:24:36"}, {"id": "CVE-2014-0062", "type": "cve", "title": "CVE-2014-0062", "description": "Race condition in the (1) 
CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.", "published": "2014-03-31T10:58:15", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062", "cvelist": ["CVE-2014-0062"], "lastseen": "2017-12-16T11:24:36"}, {"id": "CVE-2014-0066", "type": "cve", "title": "CVE-2014-0066", "description": "The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.", "published": "2014-03-31T10:58:15", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066", "cvelist": ["CVE-2014-0066"], "lastseen": "2017-12-16T11:24:36"}, {"id": "CVE-2014-0061", "type": "cve", "title": "CVE-2014-0061", "description": "The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.", "published": "2014-03-31T10:58:15", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061", "cvelist": 
["CVE-2014-0061"], "lastseen": "2017-12-16T11:24:36"}], "postgresql": [{"id": "POSTGRESQL:CVE-2014-0065", "type": "postgresql", "title": "Vulnerability in core server (CVE-2014-0065)", "description": "Potential buffer overruns of fixed-size buffers.", "published": "2014-03-31T10:58:15", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.postgresql.org/support/security/", "cvelist": ["CVE-2014-0065"], "lastseen": "2018-02-15T15:10:41"}, {"id": "POSTGRESQL:CVE-2014-0064", "type": "postgresql", "title": "Vulnerability in core server (CVE-2014-0064)", "description": "Potential buffer overruns due to integer overflow in size calculations.", "published": "2014-03-31T10:58:15", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.postgresql.org/support/security/", "cvelist": ["CVE-2014-0064"], "lastseen": "2018-02-15T15:10:41"}, {"id": "POSTGRESQL:CVE-2014-0063", "type": "postgresql", "title": "Vulnerability in core server (CVE-2014-0063)", "description": "Potential buffer overruns in datetime input/output.", "published": "2014-03-31T10:58:15", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.postgresql.org/support/security/", "cvelist": ["CVE-2014-0063"], "lastseen": "2018-02-15T15:10:41"}, {"id": "POSTGRESQL:CVE-2014-0060", "type": "postgresql", "title": "Vulnerability in core server (CVE-2014-0060)", "description": "SET ROLE bypasses lack of ADMIN OPTION.", "published": "2014-03-31T10:58:08", "cvss": {"score": 4, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.postgresql.org/support/security/", "cvelist": ["CVE-2014-0060"], "lastseen": "2018-02-15T15:10:41"}, {"id": "POSTGRESQL:CVE-2014-0062", "type": "postgresql", "title": "Vulnerability in core server (CVE-2014-0062)", "description": "Race 
condition in CREATE INDEX allows for privilege escalation.", "published": "2014-03-31T10:58:15", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.postgresql.org/support/security/", "cvelist": ["CVE-2014-0062"], "lastseen": "2018-02-15T15:10:41"}, {"id": "POSTGRESQL:CVE-2014-0066", "type": "postgresql", "title": "Vulnerability in contrib module (CVE-2014-0066)", "description": "Potential null pointer dereference crash when crypt(3) returns NULL.", "published": "2014-03-31T10:58:15", "cvss": {"score": 4, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.postgresql.org/support/security/", "cvelist": ["CVE-2014-0066"], "lastseen": "2018-02-15T15:10:41"}, {"id": "POSTGRESQL:CVE-2014-0061", "type": "postgresql", "title": "Vulnerability in core server (CVE-2014-0061)", "description": "Privilege escalation via calls to validator functions.", "published": "2014-03-31T10:58:15", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.postgresql.org/support/security/", "cvelist": ["CVE-2014-0061"], "lastseen": "2018-02-15T15:10:41"}], "openvas": [{"id": "OPENVAS:871136", "type": "openvas", "title": "RedHat Update for postgresql RHSA-2014:0249-01", "description": "Check for the Version of postgresql", "published": "2014-03-12T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=871136", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-07-27T10:48:36"}, {"id": "OPENVAS:881894", "type": "openvas", "title": "CentOS Update for postgresql CESA-2014:0249 centos5 ", "description": "Check for the Version of postgresql", "published": "2014-03-12T00:00:00", "cvss": {"score": 6.5, 
"vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881894", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-07-25T10:48:38"}, {"id": "OPENVAS:1361412562310120527", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2014-306", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120527", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-07-26T08:49:00"}, {"id": "OPENVAS:881888", "type": "openvas", "title": "CentOS Update for postgresql84 CESA-2014:0211 centos5 ", "description": "Check for the Version of postgresql84", "published": "2014-03-04T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881888", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-07-25T10:48:27"}, {"id": "OPENVAS:702864", "type": "openvas", "title": "Debian Security Advisory DSA 2864-1 (postgresql-8.4 - several vulnerabilities)", "description": "Various vulnerabilities were discovered in PostgreSQL:\n\nCVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee\nfrom adding or removing members from the granted role, but this\nrestriction was easily bypassed by doing SET ROLE first. The security\nimpact is mostly that a role member can revoke the access of others,\ncontrary to the wishes of his grantor. 
Unapproved role member additions\nare a lesser concern, since an uncooperative role member could provide\nmost of his rights to others anyway by creating views or SECURITY\nDEFINER functions.\n\nCVE-2014-0061 Prevent privilege escalation via manual calls to PL validator functions\n(Andres Freund)\n\nThe primary role of PL validator functions is to be called implicitly\nduring CREATE FUNCTION, but they are also normal SQL functions that a\nuser can call explicitly. Calling a validator on a function actually\nwritten in some other language was not checked for and could be\nexploited for privilege-escalation purposes. The fix involves adding a\ncall to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to\ntheir own validator functions, if any.\n\nCVE-2014-0062 Avoid multiple name lookups during table and index DDL\n(Robert Haas, Andres Freund)\n\nIf the name lookups come to different conclusions due to concurrent\nactivity, we might perform some parts of the DDL on a different table\nthan other parts. At least in the case of CREATE INDEX, this can be used\nto cause the permissions checks to be performed against a different\ntable than the index creation, allowing for a privilege escalation\nattack.\n\nCVE-2014-0063 Prevent buffer overrun with long datetime strings (Noah Misch)\n\nThe MAXDATELEN constant was too small for the longest possible value of\ntype interval, allowing a buffer overrun in interval_out(). Although the\ndatetime input functions were more careful about avoiding buffer\noverrun, the limit was short enough to cause them to reject some valid\ninputs, such as input containing a very long timezone name. 
The ecpg\nlibrary contained these vulnerabilities along with some of its own.\n\nCVE-2014-0064 Prevent buffer overrun due to integer overflow in size calculations\n(Noah Misch, Heikki Linnakangas)\n\nSeveral functions, mostly type input functions, calculated an allocation\nsize without checking for overflow. If overflow did occur, a too-small\nbuffer would be allocated and then written past.\n\nCVE-2014-0065 Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n\nUse strlcpy() and related functions to provide a clear guarantee that\nfixed-size buffers are not overrun. Unlike the preceding items, it is\nunclear whether these cases really represent live issues, since in most\ncases there appear to be previous constraints on the size of the input\nstring. Nonetheless it seems prudent to silence all Coverity warnings of\nthis type.\n\nCVE-2014-0066 Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\nThere are relatively few scenarios in which crypt() could return NULL,\nbut contrib/chkpass would crash if it did. One practical case in which\nthis could be an issue is if libc is configured to refuse to execute\nunapproved hashing algorithms (e.g., FIPS mode \n).\n\nCVE-2014-0067 Document risks of make check in the regression testing instructions\n(Noah Misch, Tom Lane)\nSince the temporary server started by make check uses trust \n\nauthentication, another user on the same machine could connect to it as\ndatabase superuser, and then potentially exploit the privileges of the\noperating-system user who started the tests. A future release will\nprobably incorporate changes in the testing procedure to prevent this\nrisk, but some public discussion is needed first. 
So for the moment,\njust warn people against using make check when there are untrusted users\non the same machine.", "published": "2014-02-20T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702864", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0067", "CVE-2014-0061"], "lastseen": "2017-08-02T10:49:03"}, {"id": "OPENVAS:841727", "type": "openvas", "title": "Ubuntu Update for postgresql-9.1 USN-2120-1", "description": "Check for the Version of postgresql-9.1", "published": "2014-02-25T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841727", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-12-04T11:16:26"}, {"id": "OPENVAS:702865", "type": "openvas", "title": "Debian Security Advisory DSA 2865-1 (postgresql-9.1 - several vulnerabilities)", "description": "Various vulnerabilities were discovered in PostgreSQL:\n\nCVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee\nfrom adding or removing members from the granted role, but this\nrestriction was easily bypassed by doing SET ROLE first. The security\nimpact is mostly that a role member can revoke the access of others,\ncontrary to the wishes of his grantor. 
Unapproved role member additions\nare a lesser concern, since an uncooperative role member could provide\nmost of his rights to others anyway by creating views or SECURITY\nDEFINER functions.\n\nCVE-2014-0061 Prevent privilege escalation via manual calls to PL validator functions\n(Andres Freund)\n\nThe primary role of PL validator functions is to be called implicitly\nduring CREATE FUNCTION, but they are also normal SQL functions that a\nuser can call explicitly. Calling a validator on a function actually\nwritten in some other language was not checked for and could be\nexploited for privilege-escalation purposes. The fix involves adding a\ncall to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to\ntheir own validator functions, if any.\n\nCVE-2014-0062 Avoid multiple name lookups during table and index DDL\n(Robert Haas, Andres Freund)\n\nIf the name lookups come to different conclusions due to concurrent\nactivity, we might perform some parts of the DDL on a different table\nthan other parts. At least in the case of CREATE INDEX, this can be used\nto cause the permissions checks to be performed against a different\ntable than the index creation, allowing for a privilege escalation\nattack.\n\nCVE-2014-0063 Prevent buffer overrun with long datetime strings (Noah Misch)\n\nThe MAXDATELEN constant was too small for the longest possible value of\ntype interval, allowing a buffer overrun in interval_out(). Although the\ndatetime input functions were more careful about avoiding buffer\noverrun, the limit was short enough to cause them to reject some valid\ninputs, such as input containing a very long timezone name. 
The ecpg\nlibrary contained these vulnerabilities along with some of its own.\n\nCVE-2014-0064 Prevent buffer overrun due to integer overflow in size calculations\n(Noah Misch, Heikki Linnakangas)\n\nSeveral functions, mostly type input functions, calculated an allocation\nsize without checking for overflow. If overflow did occur, a too-small\nbuffer would be allocated and then written past.\n\nCVE-2014-0065 Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n\nUse strlcpy() and related functions to provide a clear guarantee that\nfixed-size buffers are not overrun. Unlike the preceding items, it is\nunclear whether these cases really represent live issues, since in most\ncases there appear to be previous constraints on the size of the input\nstring. Nonetheless it seems prudent to silence all Coverity warnings of\nthis type.\n\nCVE-2014-0066 Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\nThere are relatively few scenarios in which crypt() could return NULL,\nbut contrib/chkpass would crash if it did. One practical case in which\nthis could be an issue is if libc is configured to refuse to execute\nunapproved hashing algorithms (e.g., FIPS mode).\n\nCVE-2014-0067 Document risks of make check in the regression testing instructions\n(Noah Misch, Tom Lane)\nSince the temporary server started by make check uses trust\nauthentication, another user on the same machine could connect to it as\ndatabase superuser, and then potentially exploit the privileges of the\noperating-system user who started the tests. A future release will\nprobably incorporate changes in the testing procedure to prevent this\nrisk, but some public discussion is needed first. 
So for the moment,\njust warn people against using make check when there are untrusted users\non the same machine.", "published": "2014-02-20T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702865", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0067", "CVE-2014-0061"], "lastseen": "2017-08-01T10:48:38"}, {"id": "OPENVAS:1361412562310123459", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0211", "description": "Oracle Linux Local Security Checks ELSA-2014-0211", "published": "2015-10-06T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123459", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-07-24T12:52:36"}, {"id": "OPENVAS:1361412562310123454", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0249", "description": "Oracle Linux Local Security Checks ELSA-2014-0249", "published": "2015-10-06T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123454", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-07-24T12:52:59"}, {"id": "OPENVAS:1361412562310120526", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2014-305", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120526", 
"cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-07-27T10:48:46"}], "oraclelinux": [{"id": "ELSA-2014-0249", "type": "oraclelinux", "title": "postgresql security update", "description": "[8.1.23-10]\n- related #1065840: CVE-2014-0062\n[8.1.23-9]\n- fix #1065840: CVE-2014-0060, CVE-2014-0061, CVE-2014-0063, CVE-2014-0064,\n CVE-2014-0065\n- better incorporate strlcpy function (upstream git diff c92f7e..062421)", "published": "2014-03-04T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0249.html", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2016-09-04T11:16:22"}, {"id": "ELSA-2014-0211", "type": "oraclelinux", "title": "postgresql84 and postgresql security update", "description": "[8.4.20-1]\n- Update to PostgreSQL 8.4.20 (#1065843) for fixes described at\n http://www.postgresql.org/docs/8.4/static/release-8-4-19.html\n http://www.postgresql.org/docs/8.4/static/release-8-4-20.html", "published": "2014-02-25T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0211.html", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2016-09-04T11:16:02"}], "nessus": [{"id": "SL_20140225_POSTGRESQL84_AND_POSTGRESQL_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : postgresql84 and postgresql on SL5.x, SL6.x i386/x86_64", "description": "Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. 
An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.\n(CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting a SQL role to a database user in a PostgreSQL database without specifying the 'ADMIN' option allowed the grantee to remove other users from their granted role. An authenticated database user could use this flaw to remove a user from a SQL role which they were granted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's procedural languages (PLs). An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed multiple independent lookups of a table that had to be indexed. An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the return value of the crypt() function. An authenticated database user could possibly use this flaw to crash PostgreSQL via a NULL pointer dereference. (CVE-2014-0066)\n\nThese updated packages upgrade PostgreSQL to version 8.4.20, which fixes these issues as well as several non-security issues. 
Refer to the PostgreSQL Release Notes for a full list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-19.html http://www.postgresql.org/docs/8.4/static/release-8-4-20.html\n\nIf the postgresql service is running, it will be automatically restarted after installing this update.", "published": "2014-02-26T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72699", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-10-29T13:42:51"}, {"id": "FREEBSD_PKG_42D420909A4D11E3B02908002798F6FF.NASL", "type": "nessus", "title": "FreeBSD : PostgreSQL -- multiple privilege issues (42d42090-9a4d-11e3-b029-08002798f6ff)", "description": "PostgreSQL Project reports :\n\nThis update fixes CVE-2014-0060, in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN OPTION permission. It also fixes multiple privilege escalation issues, including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, and CVE-2014-0066. More information on these issues can be found on our security page and the security issue detail wiki page.\n\nWith this release, we are also alerting users to a known security hole that allows other users on the same machine to gain access to an operating system account while it is doing 'make check' :\nCVE-2014-0067. 'Make check' is normally part of building PostgreSQL from source code. As it is not possible to fix this issue without causing significant issues to our testing infrastructure, a patch will be released separately and publicly. 
Until then, users are strongly advised not to run 'make check' on machines where untrusted users have accounts.", "published": "2014-02-21T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72612", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0067", "CVE-2014-0061"], "lastseen": "2017-10-29T13:39:04"}, {"id": "SL_20140304_POSTGRESQL_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : postgresql on SL5.x i386/x86_64", "description": "Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.\n(CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting a SQL role to a database user in a PostgreSQL database without specifying the 'ADMIN' option allowed the grantee to remove other users from their granted role. An authenticated database user could use this flaw to remove a user from a SQL role which they were granted access to. 
(CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's procedural languages (PLs). An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed multiple independent lookups of a table that had to be indexed. An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the return value of the crypt() function. An authenticated database user could possibly use this flaw to crash PostgreSQL via a NULL pointer dereference. (CVE-2014-0066)\n\nIf the postgresql service is running, it will be automatically restarted after installing this update.", "published": "2014-03-05T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72811", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-10-29T13:33:00"}, {"id": "UBUNTU_USN-2120-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : postgresql-8.4, postgresql-9.1 vulnerabilities (USN-2120-1)", "description": "Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. (CVE-2014-0060)\n\nAndres Freund discovered that PostgreSQL incorrectly handled validator functions. An authenticated attacker could possibly use this issue to escalate their privileges. (CVE-2014-0061)\n\nAndres Freund discovered that PostgreSQL incorrectly handled concurrent CREATE INDEX statements. 
An authenticated attacker could possibly use this issue to obtain access to restricted data, bypassing intended privileges. (CVE-2014-0062)\n\nDaniel Schussler discovered that PostgreSQL incorrectly handled datetime input. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0063)\n\nIt was discovered that PostgreSQL incorrectly handled certain size calculations. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0064)\n\nPeter Eisentraut and Jozef Mlich discovered that PostgreSQL incorrectly handled certain buffer sizes. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2014-0065)\n\nHonza Horak discovered that PostgreSQL incorrectly used the crypt() library function. This issue could possibly cause PostgreSQL to crash, resulting in a denial of service (CVE-2014-0066).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-02-25T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72682", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-10-29T13:33:59"}, {"id": "ALA_ALAS-2014-305.NASL", "type": "nessus", "title": "Amazon Linux AMI : postgresql8 (ALAS-2014-305)", "description": "Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. 
An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.\n(CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting a SQL role to a database user in a PostgreSQL database without specifying the 'ADMIN' option allowed the grantee to remove other users from their granted role. An authenticated database user could use this flaw to remove a user from a SQL role which they were granted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's procedural languages (PLs). An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed multiple independent lookups of a table that had to be indexed. An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the return value of the crypt() function. An authenticated database user could possibly use this flaw to crash PostgreSQL via a NULL pointer dereference. 
(CVE-2014-0066)", "published": "2014-03-18T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73059", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-10-29T13:40:12"}, {"id": "MANDRIVA_MDVSA-2014-047.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : postgresql (MDVSA-2014:047)", "description": "Multiple vulnerabilities have been discovered and corrected in postgresql :\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions (CVE-2014-0060).\n\nThe primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to their own validator functions, if any (CVE-2014-0061).\n\nIf the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. 
At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack (CVE-2014-0062).\n\nThe MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out().\nAlthough the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name.\nThe ecpg library contained these vulnerabilities along with some of its own (CVE-2014-0063).\n\nSeveral functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past (CVE-2014-0064).\n\nUse strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type (CVE-2014-0065).\n\nThere are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., FIPS mode) (CVE-2014-0066).\n\nSince the temporary server started by make check uses trust authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. 
So for the moment, just warn people against using make check when there are untrusted users on the same machine (CVE-2014-0067).\n\nThis advisory provides the latest version of PostgreSQL that is not vulnerable to these issues.", "published": "2014-02-23T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72642", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0067", "CVE-2014-0061"], "lastseen": "2017-10-29T13:42:45"}, {"id": "ORACLELINUX_ELSA-2014-0249.NASL", "type": "nessus", "title": "Oracle Linux 5 : postgresql (ELSA-2014-0249)", "description": "From Red Hat Security Advisory 2014:0249 :\n\nUpdated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system (DBMS).\n\nMultiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.\n(CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. 
(CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting a SQL role to a database user in a PostgreSQL database without specifying the 'ADMIN' option allowed the grantee to remove other users from their granted role. An authenticated database user could use this flaw to remove a user from a SQL role which they were granted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's procedural languages (PLs). An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed multiple independent lookups of a table that had to be indexed. An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the return value of the crypt() function. An authenticated database user could possibly use this flaw to crash PostgreSQL via a NULL pointer dereference. (CVE-2014-0066)\n\nRed Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Noah Misch as the original reporter of CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the original reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as the original reporters of CVE-2014-0065, Andres Freund as the original reporter of CVE-2014-0061, Robert Haas and Andres Freund as the original reporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the original reporters of CVE-2014-0066.\n\nAll PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
If the postgresql service is running, it will be automatically restarted after installing this update.", "published": "2014-03-05T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72809", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-10-29T13:45:36"}, {"id": "DEBIAN_DSA-2865.NASL", "type": "nessus", "title": "Debian DSA-2865-1 : postgresql-9.1 - several vulnerabilities", "description": "Various vulnerabilities were discovered in PostgreSQL :\n\n - CVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch) Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor.\n Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions.\n\n - CVE-2014-0061 Prevent privilege escalation via manual calls to PL validator functions (Andres Freund)\n\n The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes.\n The fix involves adding a call to a privilege-checking function in each validator function. 
Non-core procedural languages will also need to make this change to their own validator functions, if any.\n\n - CVE-2014-0062 Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund)\n\n If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack.\n\n - CVE-2014-0063 Prevent buffer overrun with long datetime strings (Noah Misch)\n\n The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own.\n\n - CVE-2014-0064 CVE-2014-2669 Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas)\n\n Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past.\n\n - CVE-2014-0065 Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n\n Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun.\n Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. 
Nonetheless it seems prudent to silence all Coverity warnings of this type.\n\n - CVE-2014-0066 Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\n\n There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., 'FIPS mode').\n\n - CVE-2014-0067 Document risks of make check in the regression testing instructions (Noah Misch, Tom Lane)\n\n Since the temporary server started by make check uses 'trust' authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine.", "published": "2014-02-21T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72611", "cvelist": ["CVE-2014-2669", "CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0067", "CVE-2014-0061"], "lastseen": "2017-10-29T13:34:24"}, {"id": "POSTGRESQL_20140220.NASL", "type": "nessus", "title": "PostgreSQL 8.4 < 8.4.20 / 9.0 < 9.0.16 / 9.1 < 9.1.12 / 9.2 < 9.2.7 / 9.3 < 9.3.3 Multiple Vulnerabilities", "description": "The version of PostgreSQL installed on the remote host is 8.4.x prior to 8.4.20, 9.0.x prior to 9.0.16, 9.1.x prior to 9.1.12, 9.2.x prior to 9.2.7 or 9.3.x prior to 9.3.3. It is, therefore, potentially affected by multiple vulnerabilities :\n\n - SET ROLE bypasses lack of ADMIN OPTION when granting roles. 
(CVE-2014-0060)\n\n - It is possible to elevate privileges via calls to validator functions. (CVE-2014-0061)\n\n - It is possible to elevate privileges via a race condition in CREATE INDEX. (CVE-2014-0062)\n\n - Potential buffer overruns exist due to integer overflow in size calculations. (CVE-2014-0063)\n\n - Potential buffer overruns exist in datetime input/output. (CVE-2014-0064)\n\n - Multiple fixed-size buffers exist that could potentially be overflowed. (CVE-2014-0065)\n\n - A potential NULL pointer dereference crash is possible when crypt(3) returns NULL. (CVE-2014-0066) \n - Multiple integer overflow vulnerabilities exist in 'hstore_io.c' (CVE-2014-2669)", "published": "2014-02-24T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72659", "cvelist": ["CVE-2014-2669", "CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-10-29T13:36:02"}, {"id": "OPENSUSE-2014-192.NASL", "type": "nessus", "title": "openSUSE Security Update : postgresql92 (openSUSE-SU-2014:0345-1)", "description": "The PostgreSQL database was updated to the security and bugfix release 9.2.7, which includes the following fixes :\n\n - Shore up GRANT ... 
WITH ADMIN OPTION restrictions (CVE-2014-0060, bnc#864845)\n\n - Prevent privilege escalation via manual calls to PL validator functions (CVE-2014-0061, bnc#864846)\n\n - Avoid multiple name lookups during table and index DDL (CVE-2014-0062, bnc#864847)\n\n - Prevent buffer overrun with long datetime strings (CVE-2014-0063, bnc#864850)\n\n - Prevent buffer overrun due to integer overflow in size calculations (CVE-2014-0064, bnc#864851)\n\n - Prevent overruns of fixed-size buffers (CVE-2014-0065, bnc#864852)\n\n - Avoid crashing if crypt() returns NULL (CVE-2014-0066, bnc#864853)\n\n - Document risks of make check in the regression testing instructions (CVE-2014-0067)\n\n - For the other (many!) bug fixes, see the release notes:\n http://www.postgresql.org/docs/9.3/static/release-9-2-7.html", "published": "2014-06-13T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75281", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0067", "CVE-2014-0061"], "lastseen": "2017-10-29T13:43:21"}], "seebug": [{"id": "SSV:62083", "type": "seebug", "title": "Nixu NameSurfer multiple security vulnerabilities", "description": "CVE ID: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066\r\n\r\nNixu NameSurfer is an IPAM software application solution that provides centralized address management coverage.\r\n\r\nNixu 
NameSurfer has multiple security vulnerabilities:\r\n1. Some input is not filtered before use, allowing an attacker to exploit the vulnerability to inject malicious script or HTML code; when the malicious data is viewed, sensitive information can be obtained or user sessions hijacked.\r\n2. An error exists when parsing XML entities, allowing an attacker to use a specially crafted XML document containing external entity references to obtain local resource data or consume server resources.\r\n3. An unspecified error allows an attacker to exploit the vulnerability to access arbitrary files as the \"namesurf\" user.\r\n4. The PostgreSQL bundled with this product has multiple security vulnerabilities.\n0\nNixu NameSurfer 7.x\nNixu NameSurfer version 7.5.2.1 fixes this vulnerability; users are advised to download and use it:\r\nhttp://www.nixusoftware.com/index.php/products/namesurfer", "published": "2014-04-08T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-62083", "cvelist": ["CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066"], "lastseen": "2017-11-19T17:33:25"}, {"id": "SSV:61543", "type": "seebug", "title": "PostgreSQL remote stack buffer overflow vulnerability", "description": "BUGTRAQ ID: 65719\r\nCVE(CAN) ID: 
CVE-2014-0063\r\n\r\nPostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard.\r\n\r\nIn PostgreSQL versions before 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20, the MAXDATELEN constant is too small for the longest value of type interval, which can overflow a buffer in interval_out(). To avoid buffer overflows, the date/time functions reject valid input that contains a long time zone name. The ecpg library contains these vulnerabilities. An authenticated database user can exploit this vulnerability to crash the PostgreSQL server or execute arbitrary code.\r\n0\r\nPostgreSQL PostgreSQL 8.x\r\nVendor patch:\r\n\r\nPostgreSQL\r\n----------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.postgresql.org", "published": "2014-02-25T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-61543", "cvelist": ["CVE-2014-0063"], "lastseen": "2017-11-19T13:33:31"}, {"id": "SSV:61545", "type": "seebug", "title": "PostgreSQL security restriction bypass vulnerability", "description": "BUGTRAQ ID: 65723\r\nCVE(CAN) ID: CVE-2014-0060\r\n\r\nPostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard.\r\n\r\nPostgreSQL versions before 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 
8.4.20 have a security vulnerability in their implementation: the \u201cGRANT ... WITHOUT ADMIN OPTION\u201d restriction can be bypassed, and an attacker can exploit this vulnerability to gain administrator privileges and revoke other users' access.\r\n0\r\nPostgreSQL PostgreSQL 8.x\r\nVendor patch:\r\n\r\nPostgreSQL\r\n----------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.postgresql.org", "published": "2014-02-25T00:00:00", "cvss": {"score": 4, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-61545", "cvelist": ["CVE-2014-0060"], "lastseen": "2017-11-19T17:31:56"}, {"id": "SSV:61546", "type": "seebug", "title": "PostgreSQL security restriction bypass vulnerability", "description": "BUGTRAQ ID: 65727\r\nCVE(CAN) ID: CVE-2014-0062\r\n\r\nPostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard.\r\n\r\nA race condition exists in CREATE INDEX in PostgreSQL versions before 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20; an authenticated database user can exploit this vulnerability to escalate their own privileges.\r\n0\r\nPostgreSQL PostgreSQL 8.x\r\nVendor patch:\r\n\r\nPostgreSQL\r\n----------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.postgresql.org", "published": "2014-02-25T00:00:00", "cvss": 
{"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-61546", "cvelist": ["CVE-2014-0062"], "lastseen": "2017-11-19T17:31:42"}, {"id": "SSV:61547", "type": "seebug", "title": "PostgreSQL remote denial-of-service vulnerability", "description": "BUGTRAQ ID: 65728\r\nCVE(CAN) ID: CVE-2014-0066\r\n\r\nPostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard.\r\n\r\nThe chkpass extension in PostgreSQL versions before 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20 does not check the result of its call to crypt(); an authenticated database user can trigger this vulnerability to crash PostgreSQL.\r\n0\r\nPostgreSQL PostgreSQL 8.x\r\nVendor patch:\r\n\r\nPostgreSQL\r\n----------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.postgresql.org", "published": "2014-02-25T00:00:00", "cvss": {"score": 4, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-61547", "cvelist": ["CVE-2014-0066"], "lastseen": "2017-11-19T17:36:18"}], "amazon": [{"id": "ALAS-2014-305", "type": "amazon", "title": "Important: postgresql8", "description": "**Issue Overview:**\n\nMultiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. 
([CVE-2014-0063](<https://access.redhat.com/security/cve/CVE-2014-0063>))\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. ([CVE-2014-0064](<https://access.redhat.com/security/cve/CVE-2014-0064>))\n\nMultiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. ([CVE-2014-0065](<https://access.redhat.com/security/cve/CVE-2014-0065>))\n\nIt was found that granting an SQL role to a database user in a PostgreSQL database without specifying the \"ADMIN\" option allowed the grantee to remove other users from their granted role. An authenticated database user could use this flaw to remove a user from an SQL role which they were granted access to. ([CVE-2014-0060](<https://access.redhat.com/security/cve/CVE-2014-0060>))\n\nA flaw was found in the validator functions provided by PostgreSQL's procedural languages (PLs). An authenticated database user could possibly use this flaw to escalate their privileges. ([CVE-2014-0061](<https://access.redhat.com/security/cve/CVE-2014-0061>))\n\nA race condition was found in the way the CREATE INDEX command performed multiple independent lookups of a table that had to be indexed. An authenticated database user could possibly use this flaw to escalate their privileges. ([CVE-2014-0062](<https://access.redhat.com/security/cve/CVE-2014-0062>))\n\nIt was found that the chkpass extension of PostgreSQL did not check the return value of the crypt() function. An authenticated database user could possibly use this flaw to crash PostgreSQL via a null pointer dereference. 
([CVE-2014-0066](<https://access.redhat.com/security/cve/CVE-2014-0066>))\n\n \n**Affected Packages:** \n\n\npostgresql8\n\n \n**Issue Correction:** \nRun _yum update postgresql8_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n postgresql8-libs-8.4.20-1.44.amzn1.i686 \n postgresql8-test-8.4.20-1.44.amzn1.i686 \n postgresql8-plpython-8.4.20-1.44.amzn1.i686 \n postgresql8-debuginfo-8.4.20-1.44.amzn1.i686 \n postgresql8-pltcl-8.4.20-1.44.amzn1.i686 \n postgresql8-devel-8.4.20-1.44.amzn1.i686 \n postgresql8-plperl-8.4.20-1.44.amzn1.i686 \n postgresql8-contrib-8.4.20-1.44.amzn1.i686 \n postgresql8-8.4.20-1.44.amzn1.i686 \n postgresql8-server-8.4.20-1.44.amzn1.i686 \n postgresql8-docs-8.4.20-1.44.amzn1.i686 \n \n src: \n postgresql8-8.4.20-1.44.amzn1.src \n \n x86_64: \n postgresql8-pltcl-8.4.20-1.44.amzn1.x86_64 \n postgresql8-contrib-8.4.20-1.44.amzn1.x86_64 \n postgresql8-server-8.4.20-1.44.amzn1.x86_64 \n postgresql8-plpython-8.4.20-1.44.amzn1.x86_64 \n postgresql8-8.4.20-1.44.amzn1.x86_64 \n postgresql8-libs-8.4.20-1.44.amzn1.x86_64 \n postgresql8-debuginfo-8.4.20-1.44.amzn1.x86_64 \n postgresql8-plperl-8.4.20-1.44.amzn1.x86_64 \n postgresql8-docs-8.4.20-1.44.amzn1.x86_64 \n postgresql8-test-8.4.20-1.44.amzn1.x86_64 \n postgresql8-devel-8.4.20-1.44.amzn1.x86_64 \n \n \n", "published": "2014-03-13T18:12:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2014-305.html", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2016-09-28T21:04:05"}, {"id": "ALAS-2014-306", "type": "amazon", "title": "Important: postgresql9", "description": "**Issue Overview:**\n\nMultiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. 
An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. ([CVE-2014-0063](<https://access.redhat.com/security/cve/CVE-2014-0063>))\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. ([CVE-2014-0064](<https://access.redhat.com/security/cve/CVE-2014-0064>))\n\nMultiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. ([CVE-2014-0065](<https://access.redhat.com/security/cve/CVE-2014-0065>))\n\nIt was found that granting an SQL role to a database user in a PostgreSQL database without specifying the \"ADMIN\" option allowed the grantee to remove other users from their granted role. An authenticated database user could use this flaw to remove a user from an SQL role which they were granted access to. ([CVE-2014-0060](<https://access.redhat.com/security/cve/CVE-2014-0060>))\n\nA flaw was found in the validator functions provided by PostgreSQL's procedural languages (PLs). An authenticated database user could possibly use this flaw to escalate their privileges. ([CVE-2014-0061](<https://access.redhat.com/security/cve/CVE-2014-0061>))\n\nA race condition was found in the way the CREATE INDEX command performed multiple independent lookups of a table that had to be indexed. An authenticated database user could possibly use this flaw to escalate their privileges. 
([CVE-2014-0062](<https://access.redhat.com/security/cve/CVE-2014-0062>))\n\nIt was found that the chkpass extension of PostgreSQL did not check the return value of the crypt() function. An authenticated database user could possibly use this flaw to crash PostgreSQL via a null pointer dereference. ([CVE-2014-0066](<https://access.redhat.com/security/cve/CVE-2014-0066>))\n\n \n**Affected Packages:** \n\n\npostgresql9\n\n \n**Issue Correction:** \nRun _yum update postgresql9_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n postgresql9-server-9.2.7-1.40.amzn1.i686 \n postgresql9-libs-9.2.7-1.40.amzn1.i686 \n postgresql9-upgrade-9.2.7-1.40.amzn1.i686 \n postgresql9-plpython-9.2.7-1.40.amzn1.i686 \n postgresql9-contrib-9.2.7-1.40.amzn1.i686 \n postgresql9-test-9.2.7-1.40.amzn1.i686 \n postgresql9-debuginfo-9.2.7-1.40.amzn1.i686 \n postgresql9-pltcl-9.2.7-1.40.amzn1.i686 \n postgresql9-plperl-9.2.7-1.40.amzn1.i686 \n postgresql9-9.2.7-1.40.amzn1.i686 \n postgresql9-docs-9.2.7-1.40.amzn1.i686 \n postgresql9-devel-9.2.7-1.40.amzn1.i686 \n \n src: \n postgresql9-9.2.7-1.40.amzn1.src \n \n x86_64: \n postgresql9-server-9.2.7-1.40.amzn1.x86_64 \n postgresql9-test-9.2.7-1.40.amzn1.x86_64 \n postgresql9-upgrade-9.2.7-1.40.amzn1.x86_64 \n postgresql9-pltcl-9.2.7-1.40.amzn1.x86_64 \n postgresql9-contrib-9.2.7-1.40.amzn1.x86_64 \n postgresql9-9.2.7-1.40.amzn1.x86_64 \n postgresql9-docs-9.2.7-1.40.amzn1.x86_64 \n postgresql9-plpython-9.2.7-1.40.amzn1.x86_64 \n postgresql9-debuginfo-9.2.7-1.40.amzn1.x86_64 \n postgresql9-devel-9.2.7-1.40.amzn1.x86_64 \n postgresql9-plperl-9.2.7-1.40.amzn1.x86_64 \n postgresql9-libs-9.2.7-1.40.amzn1.x86_64 \n \n \n", "published": "2014-03-13T18:12:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2014-306.html", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", 
"CVE-2014-0061"], "lastseen": "2016-09-28T21:04:05"}], "debian": [{"id": "DSA-2864", "type": "debian", "title": "postgresql-8.4 -- several vulnerabilities", "description": "Various vulnerabilities were discovered in PostgreSQL:\n\n * [CVE-2014-0060](<https://security-tracker.debian.org/tracker/CVE-2014-0060>) Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch) \n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions.\n\n * [CVE-2014-0061](<https://security-tracker.debian.org/tracker/CVE-2014-0061>) Prevent privilege escalation via manual calls to PL validator functions (Andres Freund) \n\nThe primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any.\n\n * [CVE-2014-0062](<https://security-tracker.debian.org/tracker/CVE-2014-0062>) Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund) \n\nIf the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. 
At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack.\n\n * [CVE-2014-0063](<https://security-tracker.debian.org/tracker/CVE-2014-0063>) Prevent buffer overrun with long datetime strings (Noah Misch) \n\nThe MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own.\n\n * [CVE-2014-0064](<https://security-tracker.debian.org/tracker/CVE-2014-0064>) Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas) \n\nSeveral functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past.\n\n * [CVE-2014-0065](<https://security-tracker.debian.org/tracker/CVE-2014-0065>) Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich) \n\nUse strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type.\n\n * [CVE-2014-0066](<https://security-tracker.debian.org/tracker/CVE-2014-0066>) Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian) \n\nThere are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. 
One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., FIPS mode).\n\n * [CVE-2014-0067](<https://security-tracker.debian.org/tracker/CVE-2014-0067>) Document risks of make check in the regression testing instructions (Noah Misch, Tom Lane) \n\nSince the temporary server started by make check uses trust authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in version 8.4.20-0squeeze1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 9.3.3-1 of the postgresql-9.3 package.\n\nWe recommend that you upgrade your postgresql-8.4 packages.", "published": "2014-02-20T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2864", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0067", "CVE-2014-0061"], "lastseen": "2016-09-02T18:21:37"}, {"id": "DSA-2865", "type": "debian", "title": "postgresql-9.1 -- several vulnerabilities", "description": "Various vulnerabilities were discovered in PostgreSQL:\n\n * [CVE-2014-0060](<https://security-tracker.debian.org/tracker/CVE-2014-0060>) Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch) \n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. 
The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions.\n\n * [CVE-2014-0061](<https://security-tracker.debian.org/tracker/CVE-2014-0061>) Prevent privilege escalation via manual calls to PL validator functions (Andres Freund) \n\nThe primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any.\n\n * [CVE-2014-0062](<https://security-tracker.debian.org/tracker/CVE-2014-0062>) Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund) \n\nIf the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack.\n\n * [CVE-2014-0063](<https://security-tracker.debian.org/tracker/CVE-2014-0063>) Prevent buffer overrun with long datetime strings (Noah Misch) \n\nThe MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). 
Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own.\n\n * [CVE-2014-0064](<https://security-tracker.debian.org/tracker/CVE-2014-0064>) [CVE-2014-2669](<https://security-tracker.debian.org/tracker/CVE-2014-2669>) Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas) \n\nSeveral functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past.\n\n * [CVE-2014-0065](<https://security-tracker.debian.org/tracker/CVE-2014-0065>) Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich) \n\nUse strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type.\n\n * [CVE-2014-0066](<https://security-tracker.debian.org/tracker/CVE-2014-0066>) Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian) \n\nThere are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. 
One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., FIPS mode).\n\n * [CVE-2014-0067](<https://security-tracker.debian.org/tracker/CVE-2014-0067>) Document risks of make check in the regression testing instructions (Noah Misch, Tom Lane) \n\nSince the temporary server started by make check uses trust authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 9.1_9.1.12-0wheezy1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 9.3.3-1 of the postgresql-9.3 package.\n\nWe recommend that you upgrade your postgresql-9.1 packages.", "published": "2014-02-20T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2865", "cvelist": ["CVE-2014-2669", "CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0067", "CVE-2014-0061"], "lastseen": "2016-09-02T18:30:59"}], "redhat": [{"id": "RHSA-2014:0249", "type": "redhat", "title": "(RHSA-2014:0249) Important: postgresql security update", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nMultiple stack-based buffer overflow flaws were found in the date/time\nimplementation of PostgreSQL. 
An authenticated database user could provide\na specially crafted date/time value that, when processed, could cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various type input functions in PostgreSQL. An authenticated\ndatabase user could possibly use these flaws to crash PostgreSQL or,\npotentially, execute arbitrary code with the permissions of the user\nrunning PostgreSQL. (CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash\nPostgreSQL or, potentially, execute arbitrary code with the permissions of\nthe user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting an SQL role to a database user in a PostgreSQL\ndatabase without specifying the \"ADMIN\" option allowed the grantee to\nremove other users from their granted role. An authenticated database user\ncould use this flaw to remove a user from an SQL role which they were\ngranted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's\nprocedural languages (PLs). An authenticated database user could possibly\nuse this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed\nmultiple independent lookups of a table that had to be indexed. An\nauthenticated database user could possibly use this flaw to escalate their\nprivileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the\nreturn value of the crypt() function. An authenticated database user could\npossibly use this flaw to crash PostgreSQL via a null pointer dereference.\n(CVE-2014-0066)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. 
Upstream acknowledges Noah Misch as the original reporter of\nCVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the\noriginal reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as\nthe original reporters of CVE-2014-0065, Andres Freund as the original\nreporter of CVE-2014-0061, Robert Haas and Andres Freund as the original\nreporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the\noriginal reporters of CVE-2014-0066.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. If the postgresql\nservice is running, it will be automatically restarted after installing\nthis update.\n", "published": "2014-03-04T05:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0249", "cvelist": ["CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066"], "lastseen": "2017-09-08T13:21:23"}, {"id": "RHSA-2014:0221", "type": "redhat", "title": "(RHSA-2014:0221) Important: postgresql92-postgresql security update", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nMultiple stack-based buffer overflow flaws were found in the date/time\nimplementation of PostgreSQL. An authenticated database user could provide\na specially crafted date/time value that, when processed, could cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various type input functions in PostgreSQL. An authenticated\ndatabase user could possibly use these flaws to crash PostgreSQL or,\npotentially, execute arbitrary code with the permissions of the user\nrunning PostgreSQL. 
(CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash\nPostgreSQL or, potentially, execute arbitrary code with the permissions of\nthe user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting an SQL role to a database user in a PostgreSQL\ndatabase without specifying the \"ADMIN\" option allowed the grantee to\nremove other users from their granted role. An authenticated database user\ncould use this flaw to remove a user from an SQL role which they were\ngranted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's\nprocedural languages (PLs). An authenticated database user could possibly\nuse this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed\nmultiple independent lookups of a table that had to be indexed. An\nauthenticated database user could possibly use this flaw to escalate their\nprivileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the\nreturn value of the crypt() function. An authenticated database user could\npossibly use this flaw to crash PostgreSQL via a null pointer dereference.\n(CVE-2014-0066)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Noah Misch as the original reporter of\nCVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the\noriginal reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as\nthe original reporters of CVE-2014-0065, Andres Freund as the original\nreporter of CVE-2014-0061, Robert Haas and Andres Freund as the original\nreporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the\noriginal reporters of CVE-2014-0066.\n\nThese updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. 
Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. If the postgresql\nservice is running, it will be automatically restarted after installing\nthis update.\n", "published": "2014-02-27T05:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0221", "cvelist": ["CVE-2014-2669", "CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-03-06T21:18:28"}, {"id": "RHSA-2014:0211", "type": "redhat", "title": "(RHSA-2014:0211) Important: postgresql84 and postgresql security update", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nMultiple stack-based buffer overflow flaws were found in the date/time\nimplementation of PostgreSQL. An authenticated database user could provide\na specially crafted date/time value that, when processed, could cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various type input functions in PostgreSQL. An authenticated\ndatabase user could possibly use these flaws to crash PostgreSQL or,\npotentially, execute arbitrary code with the permissions of the user\nrunning PostgreSQL. (CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash\nPostgreSQL or, potentially, execute arbitrary code with the permissions of\nthe user running PostgreSQL. 
(CVE-2014-0065)\n\nIt was found that granting an SQL role to a database user in a PostgreSQL\ndatabase without specifying the \"ADMIN\" option allowed the grantee to\nremove other users from their granted role. An authenticated database user\ncould use this flaw to remove a user from an SQL role which they were\ngranted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's\nprocedural languages (PLs). An authenticated database user could possibly\nuse this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed\nmultiple independent lookups of a table that had to be indexed. An\nauthenticated database user could possibly use this flaw to escalate their\nprivileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the\nreturn value of the crypt() function. An authenticated database user could\npossibly use this flaw to crash PostgreSQL via a null pointer dereference.\n(CVE-2014-0066)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Noah Misch as the original reporter of\nCVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the\noriginal reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as\nthe original reporters of CVE-2014-0065, Andres Freund as the original\nreporter of CVE-2014-0061, Robert Haas and Andres Freund as the original\nreporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the\noriginal reporters of CVE-2014-0066.\n\nThese updated packages upgrade PostgreSQL to version 8.4.20, which fixes\nthese issues as well as several non-security issues. 
Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-19.html\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-20.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. If the postgresql\nservice is running, it will be automatically restarted after installing\nthis update.\n", "published": "2014-02-25T05:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0211", "cvelist": ["CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066"], "lastseen": "2017-09-09T07:20:18"}, {"id": "RHSA-2014:0469", "type": "redhat", "title": "(RHSA-2014:0469) Important: cfme security, bug fix, and enhancement update", "description": "Red Hat CloudForms Management Engine delivers the insight, control, and\nautomation needed to address the challenges of managing virtual\nenvironments.\n\nA flaw was found in the way Ruby on Rails' actionpack rubygem performed\nJSON parameter parsing. An application using a third party library, which\nuses the Rack::Request interface, or custom Rack middleware could bypass\nthe protection implemented to fix the CVE-2013-0155 vulnerability, causing\nthe application to receive unsafe parameters and become vulnerable to\nCVE-2013-0155. (CVE-2013-6417)\n\nAn input sanitization flaw was found in the saved_report_delete action in\nthe ReportController. An authenticated Management Engine user could use\nthis flaw to perform an SQL injection attack on the Management Engine back\nend database. 
(CVE-2014-0137)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\ncheck user role permissions for actions associated with catalogs.\nAn authenticated Management Engine user could use this flaw to delete\narbitrary catalogs regardless of the granted permissions. (CVE-2014-0078)\n\nMultiple stack-based buffer overflow flaws were found in the date/time\nimplementation of PostgreSQL. An authenticated database user could provide\na specially crafted date/time value that, when processed, could cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various type input functions in PostgreSQL. An authenticated\ndatabase user could possibly use these flaws to crash PostgreSQL or,\npotentially, execute arbitrary code with the permissions of the user\nrunning PostgreSQL. (CVE-2014-0064, CVE-2014-2669)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash\nPostgreSQL or, potentially, execute arbitrary code with the permissions of\nthe user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting an SQL role to a database user in a PostgreSQL\ndatabase without specifying the \"ADMIN\" option allowed the grantee to\nremove other users from their granted role. An authenticated database user\ncould use this flaw to remove a user from an SQL role which they were\ngranted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's\nprocedural languages. An authenticated database user could possibly use\nthis flaw to escalate their privileges. 
(CVE-2014-0061)\n\nA race condition was found in the way PostgreSQL's CREATE INDEX command\nperformed multiple independent lookups of a table that had to be indexed.\nAn authenticated database user could possibly use this flaw to escalate\ntheir privileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the\nreturn value of the crypt() function. An authenticated database user could\npossibly use this flaw to crash PostgreSQL via a null pointer dereference.\n(CVE-2014-0066)\n\nRed Hat would like to thank the Ruby on Rails project for reporting\nCVE-2013-6417; upstream acknowledges Sudhir Rao as the original reporter\nof this issue.\n\nRed Hat would also like to thank the PostgreSQL project for reporting\nCVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,\nCVE-2014-0065, CVE-2014-0066, and CVE-2014-2669; upstream acknowledges Noah\nMisch, Heikki Linnakangas, Peter Eisentraut, Jozef Mlich, Andres Freund,\nRobert Haas, Honza Horak, and Bruce Momjian as the original reporters of\nthese issues.\n\nThe CVE-2014-0137 and CVE-2014-0078 issues were discovered by Jan Rusnacko\nof the Red Hat Product Security Team.\n", "published": "2014-05-12T04:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0469", "cvelist": ["CVE-2014-2669", "CVE-2013-6417", "CVE-2014-0065", "CVE-2014-0137", "CVE-2014-0064", "CVE-2014-0063", "CVE-2013-0155", "CVE-2014-0060", "CVE-2014-0078", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2016-11-25T14:52:38"}], "freebsd": [{"id": "42D42090-9A4D-11E3-B029-08002798F6FF", "type": "freebsd", "title": "PostgreSQL -- multiple privilege issues", "description": "\nPostgreSQL Project reports:\n\nThis update fixes CVE-2014-0060, in which PostgreSQL did not\n\t properly enforce the WITH ADMIN OPTION permission for ROLE management.\n\t Before this fix, any member of a ROLE 
was able to grant others access\n\t to the same ROLE regardless if the member was given the WITH ADMIN\n\t OPTION permission. It also fixes multiple privilege escalation issues,\n\t including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,\n\t CVE-2014-0065, and CVE-2014-0066. More information on these issues can\n\t be found on our security page and the security issue detail wiki page.\n\t \n\n\t With this release, we are also alerting users to a known security hole\n\t that allows other users on the same machine to gain access to an\n\t operating system account while it is doing \"make check\":\n\t CVE-2014-0067. \"Make check\" is normally part of building PostgreSQL\n\t from source code. As it is not possible to fix this issue without\n\t causing significant issues to our testing infrastructure, a patch will\n\t be released separately and publicly. Until then, users are strongly\n\t advised not to run \"make check\" on machines where untrusted users have\n\t accounts.\n\n", "published": "2014-02-20T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/42d42090-9a4d-11e3-b029-08002798f6ff.html", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0067", "CVE-2014-0061"], "lastseen": "2016-09-26T17:24:26"}], "centos": [{"id": "CESA-2014:0221", "type": "centos", "title": "postgresql92 security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:0221\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nMultiple stack-based buffer overflow flaws were found in the date/time\nimplementation of PostgreSQL. 
An authenticated database user could provide\na specially crafted date/time value that, when processed, could cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various type input functions in PostgreSQL. An authenticated\ndatabase user could possibly use these flaws to crash PostgreSQL or,\npotentially, execute arbitrary code with the permissions of the user\nrunning PostgreSQL. (CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash\nPostgreSQL or, potentially, execute arbitrary code with the permissions of\nthe user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting an SQL role to a database user in a PostgreSQL\ndatabase without specifying the \"ADMIN\" option allowed the grantee to\nremove other users from their granted role. An authenticated database user\ncould use this flaw to remove a user from an SQL role which they were\ngranted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's\nprocedural languages (PLs). An authenticated database user could possibly\nuse this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed\nmultiple independent lookups of a table that had to be indexed. An\nauthenticated database user could possibly use this flaw to escalate their\nprivileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the\nreturn value of the crypt() function. An authenticated database user could\npossibly use this flaw to crash PostgreSQL via a null pointer dereference.\n(CVE-2014-0066)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. 
Upstream acknowledges Noah Misch as the original reporter of\nCVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the\noriginal reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as\nthe original reporters of CVE-2014-0065, Andres Freund as the original\nreporter of CVE-2014-0061, Robert Haas and Andres Freund as the original\nreporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the\noriginal reporters of CVE-2014-0066.\n\nThese updated packages upgrade PostgreSQL to version 9.2.7, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/9.2/static/release-9-2-7.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. If the postgresql\nservice is running, it will be automatically restarted after installing\nthis update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-February/020182.html\n\n**Affected packages:**\npostgresql92-postgresql\npostgresql92-postgresql-contrib\npostgresql92-postgresql-devel\npostgresql92-postgresql-docs\npostgresql92-postgresql-libs\npostgresql92-postgresql-plperl\npostgresql92-postgresql-plpython\npostgresql92-postgresql-pltcl\npostgresql92-postgresql-server\npostgresql92-postgresql-test\npostgresql92-postgresql-upgrade\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0221.html", "published": "2014-02-28T01:35:22", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-February/020182.html", "cvelist": ["CVE-2014-2669", "CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-10-03T18:25:08"}, {"id": "CESA-2014:0211", "type": "centos", 
"title": "postgresql, postgresql84 security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:0211\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nMultiple stack-based buffer overflow flaws were found in the date/time\nimplementation of PostgreSQL. An authenticated database user could provide\na specially crafted date/time value that, when processed, could cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various type input functions in PostgreSQL. An authenticated\ndatabase user could possibly use these flaws to crash PostgreSQL or,\npotentially, execute arbitrary code with the permissions of the user\nrunning PostgreSQL. (CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash\nPostgreSQL or, potentially, execute arbitrary code with the permissions of\nthe user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting an SQL role to a database user in a PostgreSQL\ndatabase without specifying the \"ADMIN\" option allowed the grantee to\nremove other users from their granted role. An authenticated database user\ncould use this flaw to remove a user from an SQL role which they were\ngranted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's\nprocedural languages (PLs). An authenticated database user could possibly\nuse this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed\nmultiple independent lookups of a table that had to be indexed. An\nauthenticated database user could possibly use this flaw to escalate their\nprivileges. 
(CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the\nreturn value of the crypt() function. An authenticated database user could\npossibly use this flaw to crash PostgreSQL via a null pointer dereference.\n(CVE-2014-0066)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Noah Misch as the original reporter of\nCVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the\noriginal reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as\nthe original reporters of CVE-2014-0065, Andres Freund as the original\nreporter of CVE-2014-0061, Robert Haas and Andres Freund as the original\nreporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the\noriginal reporters of CVE-2014-0066.\n\nThese updated packages upgrade PostgreSQL to version 8.4.20, which fixes\nthese issues as well as several non-security issues. Refer to the\nPostgreSQL Release Notes for a full list of changes:\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-19.html\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-20.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
If the postgresql\nservice is running, it will be automatically restarted after installing\nthis update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-February/020177.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-February/020178.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-libs\npostgresql-plperl\npostgresql-plpython\npostgresql-pltcl\npostgresql-server\npostgresql-test\npostgresql84\npostgresql84-contrib\npostgresql84-devel\npostgresql84-docs\npostgresql84-libs\npostgresql84-plperl\npostgresql84-plpython\npostgresql84-pltcl\npostgresql84-python\npostgresql84-server\npostgresql84-tcl\npostgresql84-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0211.html", "published": "2014-02-25T18:39:58", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-February/020177.html", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-10-03T18:24:33"}, {"id": "CESA-2014:0249", "type": "centos", "title": "postgresql security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:0249\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nMultiple stack-based buffer overflow flaws were found in the date/time\nimplementation of PostgreSQL. An authenticated database user could provide\na specially crafted date/time value that, when processed, could cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2014-0063)\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in various type input functions in PostgreSQL. 
An authenticated\ndatabase user could possibly use these flaws to crash PostgreSQL or,\npotentially, execute arbitrary code with the permissions of the user\nrunning PostgreSQL. (CVE-2014-0064)\n\nMultiple potential buffer overflow flaws were found in PostgreSQL.\nAn authenticated database user could possibly use these flaws to crash\nPostgreSQL or, potentially, execute arbitrary code with the permissions of\nthe user running PostgreSQL. (CVE-2014-0065)\n\nIt was found that granting an SQL role to a database user in a PostgreSQL\ndatabase without specifying the \"ADMIN\" option allowed the grantee to\nremove other users from their granted role. An authenticated database user\ncould use this flaw to remove a user from an SQL role which they were\ngranted access to. (CVE-2014-0060)\n\nA flaw was found in the validator functions provided by PostgreSQL's\nprocedural languages (PLs). An authenticated database user could possibly\nuse this flaw to escalate their privileges. (CVE-2014-0061)\n\nA race condition was found in the way the CREATE INDEX command performed\nmultiple independent lookups of a table that had to be indexed. An\nauthenticated database user could possibly use this flaw to escalate their\nprivileges. (CVE-2014-0062)\n\nIt was found that the chkpass extension of PostgreSQL did not check the\nreturn value of the crypt() function. An authenticated database user could\npossibly use this flaw to crash PostgreSQL via a null pointer dereference.\n(CVE-2014-0066)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. 
Upstream acknowledges Noah Misch as the original reporter of\nCVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the\noriginal reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as\nthe original reporters of CVE-2014-0065, Andres Freund as the original\nreporter of CVE-2014-0061, Robert Haas and Andres Freund as the original\nreporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the\noriginal reporters of CVE-2014-0066.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. If the postgresql\nservice is running, it will be automatically restarted after installing\nthis update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020184.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0249.html", "published": "2014-03-04T20:53:33", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-March/020184.html", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-10-03T18:26:04"}], "ubuntu": [{"id": "USN-2120-1", "type": "ubuntu", "title": "PostgreSQL vulnerabilities", "description": "Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly \nenforce ADMIN OPTION restrictions. An authenticated attacker could use this \nissue to possibly revoke access from others, contrary to expected \npermissions. 
([CVE-2014-0060](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-0060>))\n\nAndres Freund discovered that PostgreSQL incorrectly handled validator \nfunctions. An authenticated attacker could possibly use this issue to \nescalate their privileges. ([CVE-2014-0061](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-0061>))\n\nAndres Freund discovered that PostgreSQL incorrectly handled concurrent \nCREATE INDEX statements. An authenticated attacker could possibly use this \nissue to obtain access to restricted data, bypassing intended privileges. \n([CVE-2014-0062](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-0062>))\n\nDaniel Sch\u00fcssler discovered that PostgreSQL incorrectly handled datetime \ninput. An authenticated attacker could possibly use this issue to cause \nPostgreSQL to crash, resulting in a denial of service, or possibly execute \narbitrary code. ([CVE-2014-0063](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-0063>))\n\nIt was discovered that PostgreSQL incorrectly handled certain size \ncalculations. An authenticated attacker could possibly use this issue to \ncause PostgreSQL to crash, resulting in a denial of service, or possibly \nexecute arbitrary code. ([CVE-2014-0064](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-0064>))\n\nPeter Eisentraut and Jozef Mlich discovered that PostgreSQL incorrectly \nhandled certain buffer sizes. An authenticated attacker could possibly use \nthis issue to cause PostgreSQL to crash, resulting in a denial of service, \nor possibly execute arbitrary code. ([CVE-2014-0065](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-0065>))\n\nHonza Horak discovered that PostgreSQL incorrectly used the crypt() library \nfunction. 
This issue could possibly cause PostgreSQL to crash, resulting in \na denial of service ([CVE-2014-0066](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-0066>))", "published": "2014-02-24T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/usn/usn-2120-1/", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2017-08-09T19:12:04"}], "kaspersky": [{"id": "KLA10297", "type": "kaspersky", "title": "KLA10297 Multiple vulnerabilities in PostgreSQL", "description": "### *CVSS*:\n6.5\n\n### *Detect date*:\n03/31/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to cause denial of service, unauthorized tables access, bypass group politics restrictions and gain privileges. \nBelow is a complete list of vulnerabilities\n\n### *Affected products*:\nPostgreSQL 9.3 versions 9.3.2 and earlier \nPostgreSQL 9.2 versions 9.2.6 and earlier \nPostgreSQL 9.1 versions 9.1.11 and earlier \nPostgreSQL 9.0 versions 9.0.15 and earlier \nPostgreSQL versions 8.4.19 and earlier\n\n### *Solution*:\nUpdate to latest version \n[PostgreSQL](<http://www.postgresql.org/download/>)\n\n### *Original advisories*:\n[PostgreSQL bulletin](<http://www.postgresql.org/about/news/1506/>) \n\n\n### *Impacts*:\nSB \n\n### *Related products*:\n[PostgreSQL](<https://threats.kaspersky.com/en/product/PostgreSQL-2/>)\n\n### *CVE-IDS*:\n[CVE-2014-0061](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061>) \n[CVE-2014-0060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060>) \n[CVE-2014-0063](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063>) \n[CVE-2014-0062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062>) 
\n[CVE-2014-0065](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065>) \n[CVE-2014-0064](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064>) \n[CVE-2014-0066](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066>)", "published": "2014-03-31T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10297", "cvelist": ["CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0063", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-0066", "CVE-2014-0061"], "lastseen": "2018-02-19T21:28:42"}], "gentoo": [{"id": "GLSA-201408-15", "type": "gentoo", "title": "PostgreSQL: Multiple vulnerabilities", "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote authenticated attacker may be able to create a Denial of Service condition, bypass security restrictions, or have other unspecified impact. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PostgreSQL 9.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-server-9.3.3\"\n \n\nAll PostgreSQL 9.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-server-9.2.7\"\n \n\nAll PostgreSQL 9.1 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-server-9.1.12\"\n \n\nAll PostgreSQL 9.0 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-server-9.0.16\"\n \n\nAll PostgreSQL 8.4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-server-8.4.20\"", "published": "2014-08-29T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201408-15", "cvelist": ["CVE-2014-2669", "CVE-2014-0065", "CVE-2014-0064", "CVE-2013-0255", "CVE-2014-0063", "CVE-2014-0060", "CVE-2013-1901", "CVE-2014-0062", "CVE-2014-0066", "CVE-2013-1900", "CVE-2014-0061", "CVE-2013-1899"], "lastseen": "2016-09-06T19:46:46"}], "huawei": [{"id": "HUAWEI-SA-20170531-04-GAUSSDB", "type": "huawei", "title": "Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB", "description": "There is a buffer overflow vulnerability in the type conversion function of the GaussDB. An attacker logs in to the system as a common user and crafts malformed packets, which could be exploited to perform a denial of service attack or possibly remote code execution on the GaussDB. (Vulnerability ID: HWPSIRT-2017-05014)\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-0064. 
\nThere is a buffer overflow vulnerability in the time conversion function of the GaussDB. An attacker logs in to the system as a common user and crafts malformed packets. If the length of a specific field is longer than the maximum value, it will be exploited to perform a denial of service attack or possibly remote code execution on the GaussDB. (Vulnerability ID: HWPSIRT-2017-05170)\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-0063. \nHuawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-04-gaussdb-en", "published": "2017-05-31T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-04-gaussdb-en", "cvelist": ["CVE-2014-0064", "CVE-2014-0063"], "lastseen": "2017-05-31T11:13:36"}, {"id": "HUAWEI-SA-20170531-05-GAUSSDB", "type": "huawei", "title": "Security Advisory - Two Privilege Escalation Vulnerabilities in the GaussDB", "description": "There is a privilege escalation vulnerability in the validator functions of the GaussDB. An attacker may log in to the system as a low-privilege user and execute the high-privilege functions. Then, the attacker may obtain the high-privilege of the GaussDB and crash the system. (Vulnerability ID: HWPSIRT-2017-05015)\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-0061.\n\nThere is a privilege escalation vulnerability in the GaussDB. An attacker may log in to the system as a low-privilege user. When the high-privilege user executes a specific operation, the attacker could modify the high-privilege user's tables and crash the system. 
(Vulnerability ID: HWPSIRT-2017-05171)\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-0062.\nHuawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-05-gaussdb-en", "published": "2017-05-31T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-05-gaussdb-en", "cvelist": ["CVE-2014-0062", "CVE-2014-0061"], "lastseen": "2017-05-31T11:13:36"}]}}